SoylentNews is people
SoylentNews
Submitted via IRC for AndyTheAbsurd
Forget fraud, Société Générale and Groupe BPCE's new bank cards are about to change everything about fraud.
Part of the problem is that once your card details are stolen – whether through a phishing attack or by someone copying the digits on the back – fraudsters are free to go on a spending spree until you notice something's up.
They're getting away with millions, and it's a problem affecting over half a million people in the first half of 2016 alone.
Normally by the time you get around to actually cancelling your card, it's all too late. But what if the numbers on your card changed every hour so that, even if a fraudster copied them, they'd quickly be out of date?
That's exactly what two French banks are starting to do with their new high-tech ebank cards.
On the back of each card is a 3 digit security number which you must quote to validate any online or telephone purchase. If this number is compromised then there is nothing to prevent the card being used by anyone else. But on the new card the digits are displayed on a small LCD 7-segment display:
The three digits on the back of this card will change, every hour, for three years. And after they change, the previous three digits are essentially worthless, and that's a huge blow for criminals.
Providing that you still have the card in your possession, then whoever has access to the current security number has less than 1 hour to make use of the card. No details are given on how the card issuer and businesses keep synchronised with the current valid card number.
[Ed's Note: Edited to show LCD display rather than LED. Apologies for my error.]
(Score: 5, Interesting) by Grishnakh on Wednesday October 05 2016, @07:44PM
I had an idea about this: if the big problem is that insiders at bars and restaurants are taking photos of your card and your CSC number when you go out to eat, maybe it'd make sense to simple scratch off the CSC number on your card, so that no one who handles the card will know what it is. Obviously, you'd want to make sure you record that number elsewhere, either memorizing it (it's only 3 digits) or recording it somewhere else secure. AFAIK, the only time you need the CSC number anyway is when you're buying stuff online, so as long as you have it written down next to your computer (or saved in an encrypted file on your computer...), you should be fine.
This way, some shitty waiter at a restaurant won't be able to get enough data from your card for it to be used for mail-order fraud later.
Any thoughts? Am I missing something?
(Score: 1) by fubari on Wednesday October 05 2016, @09:43PM
My first thought is "Why didn't I think of that?" :-)
My second thought is I don't know if I'm sufficiently paranoid - maybe if I travel to high tourist areas or something, but skimming hasn't been a problem for me (data breaches [krebsonsecurity.com] seem to impact me more).
My only CSC story (off topic): for a while I had a card with a CSC of "001", first time it was trivial to remember. Ran into a bug on paypal where the data entry validation was rejecting it... support had me use a different URL to get to an older user interface, not as "pretty" but worked fine.
(Score: 2) by Webweasel on Thursday October 06 2016, @09:59AM
Wait wait, back up for a sec...
You let other people physically handle your card? Is this common?
My card never leaves my possession. Chip and pin readers tend to be wireless now and are brought to you.
In a restaurant, I would expect the chip and pin reader to be brought to my table.
Same in the pub, everywhere.
Priyom.org Number stations, Russian Military radio. "You are a bad, bad man. Do you have any other virtues?"-Runaway1956
(Score: 3, Informative) by Joe Desertrat on Thursday October 06 2016, @10:09AM
You let other people physically handle your card? Is this common? My card never leaves my possession. Chip and pin readers tend to be wireless now and are brought to you.
Most tourist areas in the US are not up to that level of tech yet. If you run a tab in a bar, the bartender keeps your card until you are ready to pay your tab.
(Score: 2) by damnbunni on Thursday October 06 2016, @03:20PM
The US does not use chip and pin. The cardreaders are hardwired into the till. Some restaurants you pay on the way out, but it's far more common that you hand your card (or cash) to the server, who brings back a paper signature slip (or your change).
(Score: 0) by Anonymous Coward on Thursday October 06 2016, @03:24PM
Well, in the bar or restaurant, I always pay cash. Since I don't tend to write my credit card number/security code on banknotes, this pretty much ensures no one there can copy the card details.
(Score: 2) by Grishnakh on Thursday October 06 2016, @05:06PM
In a restaurant, I would expect the chip and pin reader to be brought to my table.
What is this magical, high-tech land you live in? Did you come here from the future? Here in the USA in 2016, I've never even heard of such a thing; you must definitely be from the year 2030 or later. We still have to give our card to the waiter and then they bring it back with a thermal receipt that we sign and write the tip on.